8/12/2019 21CFRPart11

1/8

1. Understanding 21 CFR Part 11

The 21 CFR Part 11 regulation was created to maintain the trustworthiness,

reliability, and integrity of electronic records, and to ensure that the

authenticity of electronic records would be equivalent to paper records when

submitted. Therefore, it includes acceptance criteria for both electronic records

and electronic signatures. It does not intend or mandate that these replace

paper records, but rather provides guidelines in the event that they are used.

The following definitions will be used throughout this document and are

defined as stated in Rule 21 CFR Part 11:

Electronic Record: Any combination of text, graphics, data, audio,pictorial, or other information representation in digital form that is

created, modified, maintained, archived, retrieved, or distributed by

a computer system.

Electronic Signature: A computer data compilation of any symbol

or series of symbols executed, adopted, or authorized by an individual to

be the legally binding equivalent of the individuals handwritten signature.

Closed System: An environment in which system access is controlled

by persons who are responsible for the content of the electronic records

that are on the system.

Digital Signature: An electronic signature based upon cryptographic

methods of originator authentication, computed by using a set of rules

and a set of parameters such that the identity of the signer and theintegrity of the data can be verified.

Biometrics: A method of verifying an individuals identity based on

measurement of the individuals physical feature(s) or repeatable action(s)

where those features and/or actions are both unique to that individual

and measurable.

Xcalibur

DataSystem

21 CFR Part 11 Compliance

On August 20 of 1997, the United States Food and

Drug Administration (FDA) issued a document

known as Rule 21 CFR Part 11. This was requested

and developed with input from the pharmaceutical

industry and outlines the FDA criteria for accepting

electronic records and signatures. All companies

and industries who submit or utilize electronic

records and/or signatures regulated by the FDA

must comply with this federal regulation.

8/12/2019 21CFRPart11

2/8

2. The Xcalibur Data System

The Xcalibur data system provides instrument control and data analysis

for the entire family of Thermo Electron mass spectrometers and related

instruments. The easy-to-use interface enables quick and efficient acquisition,

data processing and results delivery. Xcaliburs wide range of functionality

and ability to integrate third-party control provides the tools to perform

a broad range of applications.

This document explains how Thermos Xcalibur data system can help you

achieve 21 CFR Part 11 compliance. The timeline for achieving compliance

and the details on how various aspects of compliance will be achieved are all

documented in the following sections.

2.1 Thermo Electrons 21 CFR Part 11 Compliance StatementAbout Xcalibur

By the definition supplied by the FDA, Xcalibur software falls within the

definition of a closed system. Xcalibur is currently partially compliant with

21 CFR Part 11, but can not be configured to meet all the requirements until

version 2.0. It should be noted that LCQUAN 2.0 will support compliance with

the provisions of 21 CFR Part 11 and will run on both Xcalibur 1.3 and 1.4.

Xcalibur 1.3 and 1.4 by themselves can not be used to achieve compliance to

the regulation.

Xcalibur 2.0 will be one of several tools that can be used to achieve

compliance with the 21 CFR Part 11 rule. The customers internal Standard

Operating Procedures (SOPs) contain many of the tools necessary to

demonstrate to the FDA that electronic records and signatures can be

generated and controlled according to the FDA provisions of 21 CFR Part 11.

This includes but is not limited to, password user id protocol and long-term

archiving. This fully-compliant enabled version of Xcalibur will be available

in the first quarter of 2005. Each requirement is further described and detailed

in Section 2.2.

2.2 Details of 21 CFR Part 11 Compliance Coverage

Rule 21 CFR Part 11 is broken into three subparts. Subpart A provides the

general provisions of the regulation. Using the definition supplied by the

regulation in Subpart A, the Xcalibur data system falls within the scope of

a closed system. Subpart B covers the electronic records portion of the

regulation. A closed system such as Xcalibur therefore falls under

Section 11.10 of Subpart B. Subpart C covers the electronic signature portion

of the rule and is also applicable to Xcalibur. The following table lists the

various sections found in Subparts B and C of the regulation, and how

Xcalibur 2.0 will address these parts.

Xcal i burDat aSyst e

m

8/12/2019 21CFRPart11

3/8

Rule LCQUAN 2.0 (withRule ID Text of 21 CFR Part 11 Apply? Xcalibur 2.0 Xcalibur 1.3 and 1.4)

11.10 (a) Validation of systems to ensure

accuracy, reliability, consistent

intended performance

N/A It will be the responsibility of the end user to

validate the system. Thermo Electron is able to

assist by supplying validation materials.

Same

and the ability to discern

invalid records

Yes Invalid records will be discerned through the

use of the CRC feature of a file. Unexpected

changes to records (outside of our

applications) will be detected by checksum

mechanisms.

Same

and the ability to discern

altered records

Yes Altered records will be detected through use of

the CRC feature of a file. Unexpected changes

to records (outside of our applications) will be

detected by checksum mechanisms.

Same

11.10 (b) The ability to generate accurate

and complete copies of records

in both human readable and

electronic form suitable for

inspections, review, and copying

by the agency

Yes Xcalibur records will be displayed using the

applications supplied in the software. Xcalibur

records and audit trails will be printed using

standard reports or customized reports.

Same

11.10 (c) Protection of records to enable

their accurate and ready retrieval

throughout the records retention

period

Yes It will be the responsibility of the end user to

establish standard operating procedures

(SOPs) ensuring the proper security and

archiving of electronic records. Xcalibur will

utilize a secure permissions folder that

prevents deletion or modification of records.

Xcalibur software development will ensure that

electronic records from previous versions of

software are compatible with the latest version

of Xcalibur.

Same

11.10 (d) Limiting system access to

authorized individuals

Yes Xcalibur 2.0 will operate on the Microsoft

Windows XP operating system and will usethe Authorization tool to set permissions for

run access to the application.

It will be the responsibility of the end user to

establish SOPs governing the issuance and

security of account names and passwords.

Same except that

LCQUAN 2.0 willrun on the Windows

2000 operating

system.

21CFRPart11Compliance

11.10 (e) Use of secure, computer-generated,

time-stamped audit trails to

independently record the date and

time of operator entries and actions

that create, modify, or delete

electronic records

Yes Xcalibur records will contain audit trails that

are generated independently of the user.

The audit trails will capture the operator user

name, date, time, what application is being

used, what has been changed, which version

of the software is being used, and who is

allowed to change it.

The version of the

software will not be

captured. LCQUAN

will have no facilities

to delete files,

therefore we will not

monitor deletion.

Record changes shall not obscure

previously recorded information

Yes The audit trail will not be overwritten but

updated to include the parameter that has

changed, the previous value and the new

value.

Same

Such audit trail documentation shall

be retained for a period at least as

long as that required for the subject

electronic records

continue

Yes Xcalibur audit trails will be a separate

electronic record and exist as long as the

electronic record exists. The retention

of records will depend on the end user.

Nothing in Xcalibur will prevent the

retention of the record.

Same

8/12/2019 21CFRPart11

4/8

Xcal i burDat aSyst e

m

Rule LCQUAN 2.0 (withRule ID Text of 21 CFR Part 11 Apply? Xcalibur 2.0 Xcalibur 1.3 and 1.4)

11.10 (e) and shall be available for agency

review and copying

Yes Xcalibur audit trail information will be

displayed, copied and printed.

Audit trail information

will be printed. This

information can also

be copied but the copy

will be an orphan. No

workbook will use the

copy.

11.10 (f) Use of operational system checks

to enforce permitted sequencing

of steps and events, as appropriate

Yes In those instances where Xcalibur has a critical

workflow, internal checks will be enforced via

the Authorization tool.

Internal checks will

be enforced to

assure that required

sequence will be

followed.

11.10 (g) Use of authority checks to ensure

only authorized individuals can use

the system, electronically sign a

record, access the operation or

computer system input or output

device, alter a record, or perform

the operation at hand

Yes Xcalibur will operate on the Windows XP

platform. Windows XP requires a user account

name and login to access the operating

system.

It will be the responsibility of the end user to

establish SOPs setting forth the guidelines for

accessing the system.

Authorization tool

used in conjunction

with Windows

security.

11.10 (h) Use of device (e.g., terminal) checks

to determine, as appropriate, the

validity of the source of data input

or operational instruction

No Where this condition exists, all appropriate

checks will be performed.

Same

11.10 (i) Determination that persons who

develop, maintain, or use electronic

record/electronic signature systems

have the education, training, and

experience to perform their

assigned task

Yes Thermo Electron will ensure that those who

develop and maintain our 21 CFR Part 11

software have the education, training, and

experience necessary.

It will be the responsibility of the end user

to establish the policies and SOPs required

to ensure their personnel meet the requirement

of this sub-section.

Same

11.10 (j) The establishment of, and

adherence to, written policies that

hold individuals accountable and

responsible for actions initiated

under their electronic signatures, in

order to deter record and signature

falsification

N/A It will be the responsibility of the end user

to establish the policies and SOPs required

to meet the requirement of this sub-section.

Same

11.10 (k) Use of appropriate controls over

systems documentation including:

(1) Adequate controls over the

distribution of, access to, anduse of documentation for

system operation and

maintenance

(2) Revision and change control

procedures to maintain an

audit trail that documents

time-sequenced development

and modification of systems

documentation

N/A

Yes

It will be the responsibility of the end user

to establish the policies and SOPs required

to meet the requirement of this sub-section.

The Xcalibur manuals supplied to the customer

will be under revision and change control

procedures.

The online Help supplied in Xcalibur are

electronic records that currently are not

expected to contain an audit trail feature.

Same

Same

8/12/2019 21CFRPart11

5/8

Rule LCQUAN 2.0 (withRule ID Text of 21 CFR Part 11 Apply? Xcalibur 2.0 Xcalibur 1.3 and 1.4)

11.30 Controls for Open Systems N/A Xcalibur is a closed system. Therefore, controls

for open systems are not discussed in this

document.

Same

11.50 (b) The items identified in paragraphs

a-1, a-2, and a-3 of this section shall

be subject to the same controls as

for electronic records, and shall

be included as part of any human

readable form of the electronic

record (such as electronic display

or printout)

Yes Xcalibur will keep as part of the electronic

record the signature, date and time, and

meaning.

Same

11.100 (b) Before an organization establishes,

assigns, certifies, or otherwise

sanctions an individuals electronic

signature, or any element of such

electronic signature, the organ-

ization shall verify the identity of

the individual

N/A It will be the responsibility of the end user to

establish policies to meet the requirement of

this sub-section.

Same

11.50 (a) Signed electronic records shall

contain information associated with

the signing that clearly indicates all

of the following:

(1) The printed name of the

signer;

(2) The date and time when the

signature was executed; and

(3) The meaning (such as review,

approval, responsibility, or

authorship) associated with

the signature

Yes Authorization tool will allow the administrator

to require signing for key operations.

Same

11.70 Signature/record linking

Electronic signatures and hand-

written signatures executed

to electronic records shall be l inked

to their respective electronic records

to ensure that the signatures cannot

be excised, copied, or otherwise

transferred to falsify an electronic

record by ordinary means

Yes Xcalibur will support electronic signatures.

Handwritten signatures are not captured

electronically in Xcalibur and therefore cannot

be linked.

Handwritten

signatures will not

be linked to

electronic records.

11.100 (a) Each electronic signature shall be

unique to one individual and shall

not be reused by, or reassigned to,

anyone else

Yes Xcalibur, through Windows XP, will require

a user id and password. With the appropriate

policies and SOPs, the end user will be able to

use the user id as a valid electronic signature.

Same

11.100 (c) Persons using electronic signatures

shall, prior to or at the time of such

use, certify to the agency that the

electronic signatures in their

system, used on or after August 20,

1997, are intended to be the legally

binding equivalent of traditional

handwritten signatures.

continue

N/A It will be the responsibility of the end user to

establish policies and submit the appropriate

documentation.

Same

21CFRPart11Compliance

8/12/2019 21CFRPart11

6/8

8/12/2019 21CFRPart11

7/8

8/12/2019 21CFRPart11

8/8

2.3 Compliance Document Disclaimer

This document has been prepared and provided to you in order that you may

evaluate and understand Thermos position on supplying you with resources to

support 21 CFR Part 11 compliance. As either an existing or potential customer,

we at Thermo want to help you understand and address the needs of your

company in implementing and abiding by the FDA regulations. This document

does not recommend how to implement the regulations. It is meant to provide

you with information that you can use in complying with the regulations in yourlaboratory environment. Our customers are ultimately and solely responsible for

ensuring they meet compliance guidelines, however, we take seriously our role to

provide you with the information and tools to do this efficiently and effectively.

By providing you with our 21 CFR Part 11 Compliance Statement contained

herein, Thermo has made reasonable efforts to provide complete and accurate

information regarding compliance of our products. You should be aware that

regulations, interpretations of these regulations, and enforcement of these

regulations are continually evolving, and therefore we cannot guarantee that the

information contained within this document is complete, current, or necessarily

applies to every possible situation.

For third-party products, whether obtained directly from us or another distributor,we recommend that you consult directly with that third-party vendor concerning

their adherence to 21 CFR Part 11 compliance. In cases where we pass along

third-party compliance statements, we accept no responsibility for the verification

of accuracy or completeness.

Thermo Electron Corporation, its employees, or its agents or representatives in

connection with the information in this documents in no event shall be liable for

indirect, special, consequential or incidental damages, including but not limited

to loss of revenue, loss of profits, or loss of good will, regardless of whether we

(a) have been informed of the possibility of such damages, or (b) are negligent.

Thermos obligations and responsibilities regarding our products are governed

solely by the agreements under which they are sold or licensed. Nothing in thisstatement is intended to modify rights or obligations under any agreements or

to create any new rights or obligations between us and our customers.

Xcalibur Data System 21 CFR Part 11 Compliance

International

Offices

AustraliaTel. +61 2 8844 9500

AustriaTel. +43 1 333 50340

BelgiumTel. +32 2 482 30 30

CanadaTel. +1 800 532 4752

ChinaTel. +86 10 5850 3588

FranceTel. +33 1 60 92 48 00

GermanyTel. +49 6103 4080

IndiaTel. +91 22 2778 1101

ItalyTel. +39 02 950 591

JapanTel. +81 45 453 9100

Latin AmericaTel. +1 512 251 1503

NetherlandsTel. +31 76 587 98 88

NordicTel. +46 8 556 468 00

South AfricaTel. +27 11 570 1840

SpainTel. +34 91 657 4930

SwitzerlandTel. +41 61 48784 00

UKTel. +44 1442 233555

USATel. +1 800 532 4752

2005 Thermo Electron Corporation. All rights reserved. Microsoft and Windows are registered trademarks of Microsoft Corporation. All other trademarks are the property of ThermoElectron Corporation and its subsidiaries. We make no warranties, expressed or implied, in this product summary, and information is subject to change without notice. Printed in the USA.

www.thermo.com/ms-software WP61398_E 03/05S

The information in this publication is provided for reference only. All information contained in this publication is believed to be correct and complete.

Thermo Electron shall not be liable for errors contained herein nor for incidental or consequential damages in connection with the furnishing,

performance, or use of this material. Customers are ultimately responsible for validation of their systems. All product specifications, as well as the

information contained in this publication, are subject to change without notice.